Senior Security Engineer

About the role
We are looking for a Senior Security Engineer to join us in Chandigarh. In this role, you will help strengthen and scale our information security management practices across our global business, supporting how we protect our systems, data, clients, and reputation.

As Senior Security Engineer, you will take a role in maintaining and improving our Information Security Management System aligned to ISO/IEC 27001, while also supporting broader assurance and compliance activity including internal audits, external audits, risk assessments, supplier security reviews, policy governance, awareness initiatives, and reporting. You will work closely with stakeholders across technology, operations, risk, and leadership to help embed effective, practical, and auditable security practices across our teams.

This is a strong opportunity for someone who combines hands-on ISMS and audit experience with a structured, collaborative approach and who wants to have visible impact on the maturity of our global security posture.

What you’ll do

• Maintain and continuously improve our Information Security Management System to support business needs and alignment with ISO/IEC 27001 requirements.

• Own and enhance core ISMS artefacts including scope documentation, risk registers, risk treatment plans, control evidence, policies, standards, procedures, and supporting records.

• Coordinate preparation for ISO/IEC 27001 surveillance and recertification audits, ensuring controls, documentation, and evidence remain accurate, current, and audit-ready.

• Support SOC 2 and other assurance activities where applicable, partnering with internal stakeholders, auditors, and control owners through planning, evidence collection, remediation tracking, and closure.

• Plan and execute the internal audit programme, identifying control weaknesses, non-conformities, and improvement opportunities, and tracking actions through to completion.

• Facilitate information security risk assessments across business and technology processes, helping teams evaluate threats, control effectiveness, residual risk, and appropriate treatment actions.

• Map and assess controls against relevant frameworks and requirements, including ISO 27001 Annex A and other applicable standards, regulations, and customer commitments.

• Perform control testing, gap assessments, and corrective and preventive action tracking to support continuous improvement across our security control environment.

• Support third-party and supplier security risk management activities, including due diligence reviews, evidence assessment, contract security requirements, and ongoing assurance.

• Partner with stakeholders to strengthen awareness of information security policies, responsibilities, and required controls across the organisation.

• Contribute to incident, continuity, and resilience-related assurance activity by helping ensure security requirements are appropriately documented, reviewed, and evidenced.

• Produce clear reporting on security metrics, audit outcomes, risk themes, remediation progress, and control maturity for management and senior stakeholders.

• Work with global teams to promote consistency, accountability, and continuous improvement in how security governance and compliance activities are delivered.

What we’re looking for

• 4+ years of relevant commercial experience in information security, GRC, ISMS management, compliance, or a closely related field, with strong exposure to ISO/IEC 27001 in practice.

• Solid hands-on experience supporting or leading ISO/IEC 27001 audits, surveillance reviews, recertification activity, and ongoing evidence management.

• Good knowledge of security control frameworks and how to translate them into practical policies, standards, controls, and assurance activities.

• Experience conducting internal audits, control assessments, or compliance reviews, and can document findings clearly and track remediation effectively.

• You uderstand information security risk management principles and can support risk identification, assessment, treatment, acceptance, and escalation.

• Comfortable reviewing and maintaining structured documentation, including policies, procedures, standards, statements of applicability, registers, and audit artefacts.

• Experience working with third-party or supplier security assurance processes, including reviewing certifications, reports, questionnaires, and supporting evidence.

• Communicate clearly with both technical and non-technical stakeholders and can work confidently with auditors, control owners, and leadership teams.

• Organised, detail-oriented, and able to manage multiple priorities while maintaining a high standard of quality and follow-through.

• Ability to approach problems with sound judgement, a logical mindset, and a focus on practical, sustainable outcomes.

• Work well across teams and time zones, building strong relationships and helping drive accountability in a collaborative way.

• Experience with SOC 2, NIST CSF, ISO 27017, ISO 27018, cloud control environments, or regulated financial technology environments would be beneficial.

• Relevant certifications such as ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CISA, CRISC, or equivalent would be advantageous.

Why EquiLend?

• Be recognised for your contribution through a discretionary annual cash bonus, linked to individual and company performance

• Work flexibly with up to 100 remote working days per year.

• Take time to recharge with 30 days of paid leave per year, comprising paid, casual, and sick leave, plus public holidays.

• Access comprehensive health insurance for you and your dependents from your first day.

• Receive personal accident insurance from the start of your employment.

• Connect with colleagues at an annual company-sponsored team retreat, hosted at a new location each year.

• If relocating from more than 40 miles away, receive hotel accommodation and travel ticket reimbursement.

About EquiLend
EquiLend is a global financial technology firm at the center of the securities finance industry. Since 2001, we have built the infrastructure that financial institutions rely on to trade, manage, and report. This includes products such as our NGT trading platform, Post Trade Suite, DataLend market intelligence, RegTech solutions, and EquiLend Clearing Services.

We operate across North America, EMEA, and Asia-Pacific, working with banks, broker dealers, asset managers, and custodians to bring greater efficiency, transparency, and automation to the securities finance lifecycle. Our teams combine deep market expertise with a focus on building technology that works at scale, under real-world conditions, for some of the world's most demanding financial institutions.

EquiLend is Great Place to Work Certified™ in the U.S., UK, Ireland, and India, and has been recognized as Global Data Provider of the Year and Regulatory Solution of the Year at the Securities Finance Times Industry Excellence Awards 2025.

Diversity & Inclusion
We know that the best solutions come from teams that bring different perspectives, backgrounds, and ways of thinking to the table. At EquiLend, we are committed to building a workplace where everyone feels they belong and aim to reflect this in how we hire, develop, and support our people.

We are actively working to ensure our teams are as diverse as the global markets and clients we serve. That means creating an environment where different viewpoints are sought out and where people can do their best work regardless of background.

If you require any reasonable adjustments or accommodations at any stage of the recruitment process, please let us know and we will work with you to make it happen.

#LI-Hybrid